3D CAPTCHA CONCEPT

CAPTCHA is a way how to verify that web application user is human. Using of CAPTCHA is a need in many web applications. Today it is commonly used by types based on the recognition of alphanumeric characters. The problem is that these tests are becoming more and more complicated for people, but, on the other hand, they are becoming even easier for bots. Therefore, I decided to create a concept to be based on a completely different principle. The result of my endeavour was the 3D captcha technology.

Before describing this idea in more detail, I would like to give you an option to try out the principle on an example. Your goal is to set the slider into the correct position in the flash animation. Moving the slider you can rotate the 3D model. If you consider that resulting image at the current position makes any sense to you (you recognize real object), quit and then click on TEST. You do not need to be 100% accurate, a certain tolerance is set for proper solution.

As you certainly may have noticed, the solution is always the same. This is only for demonstration purposes. In real use, the correct position is generated randomly.

More detailed description of the technology

When creating 3D captcha system the major emphasis is put on innovation and user friendliness. This CAPTCHA is based on the human imagination and spatial perspective. The basic idea is rotation of a special 3D model and finding the correct position of rotation. 3D model can be created from any 2D image. First, the picture is divided into several parts, which are then randomly projected into 3D space, subject to certain rules. Parts projected spatially this way generate together 3D model so that the model looks like the original 2D image from a single observation point. The meaning of 3D model observed from any other observation point is incomprehensible for human. The task for a user is to rotate the model to find the right observation point and solve the CAPTCHA successfully. This concept is based on the fact that the meaning of the model is recognizable from the right observation point only by human. Principle of the 3D captcha technology can be described by three basic steps:

An image is chosen. Of course, not all images are suitable, but there is a huge quantity of images, which can be used. In this case, the picture of four-leaf clover was used.

By use of a suitable graphical method, the image can be divided into several parts, triangles. These parts will be so called basic elements. Each triangle is defined by its coordinates and colour. Then the coordinates of the original observation point are chosen. Based on the coordinates of the basic elements and coordinates of the observation point the coordinates of the projected elements are calculated subsequently.

2D SOURCE PICTURE

DECOMPOSITION OF 2D IMAGE

DETERMINATION OF THE OBSERVATION POINT

2. STEP - the projection of basic elements into 3D space

At this moment we have a set of basic elements. Each of the basic elements is randomly projected into the 3D projection space into so called projection sphere. This means that every single projected element must be inside of the sphere. The sphere is chosen because its shape from any observation point is always the same and the shape of the projection area is not important for observer in respect of information. The coordinates of the projected elements are calculated on the basis of coordinates of the original observation point coordinates of basic elements.

PROJECTION OF ONE ELEMENT

VIEW FROM ANOTHER ANGLE

PROJECTION OF THE WHOLE PICTURE

3. STEP - creation of 3D model and client application

All projected elements now shape a 3D model. This model can be stored in one of the commonly used file formats for 3D models (DAE, KMZ, and others). Using a proper technology for displaying interactive web content and our 3D file a 3D CAPTCHA client application is then created. In this case, the FLASH technology using Papervision3D was used. Then , this application can be included in any website to replace the classic text-based CAPTCHA systems.

DAE FORMAT

CLIENT APPLICATION

Advantages

Disadvantages

- captcha based on human imagination
- can be fully automated
- unlimited amount of source images, in general, any image can be used
- great potential for modification to advertising system
- possible modification to the advertising is more user-oriented than traditional text advertising (user is "forced" to cautiousness in respect of advertising when solving the captcha test)
- with increasing experience 3D captcha test can be solved faster than solving text-based CAPTCHA system

- demonstration example uses flash, which is not supported on all devices
- the risk of solving the problem by using an image analysis, abuse or unknown system imperfections by the automated systems (bots)
- relatively high demands on connectivity of user (examples are about 500KB in size)

COMPARATIVE TABLE

Notes of author

3D captcha is not only the concept with a functional presentation prototype but not the comprehensive completed system

For better clarity, the rotation of models is limited to 180 degrees

Sample examples are easy to overcome by use of the trial/error method. There is a probability of 7:180 that you can overcome CAPTCHA test successfully if you choose a random position on the slider. In real use, the 3D captcha system must therefore be modified for example by using multiple 3D models simultaneously in one test. For example, in use of two models (two sliders), capable of rotation of 360 degrees and 3 degrees of tolerance, the possibility that the random model can be randomly overcome is only 1:14400, which is sufficient probability for a captcha system.

If there is a new concept, there is obviously a risk of breaking by automated system. Analysis of all security risks requires more time.

From the nature of the concept is clear that system imperfection, which is unknown at present, may be misused. The basic idea of using human imagination in problem solving gives hope that the CAPTCHA system based on this principle would be unbreakable for nowadays computer systems.